From 290533a14fbcf09caf40c88c30fc39b227f110f0 Mon Sep 17 00:00:00 2001 From: Andy Chase Date: Wed, 3 Jul 2013 12:28:37 -0700 Subject: [PATCH] [ticket/11620] Add validate_referrer test Add a test for the validate_referrer function. PHPBB3-11620 --- tests/session/testable_facade.php | 16 ++++- tests/session/validate_referrer_test.php | 80 ++++++++++++++++++++++++ 2 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 tests/session/validate_referrer_test.php diff --git a/tests/session/testable_facade.php b/tests/session/testable_facade.php index 02af73174f..886c9b328a 100644 --- a/tests/session/testable_facade.php +++ b/tests/session/testable_facade.php @@ -102,10 +102,24 @@ class phpbb_session_testable_facade return $session->session_create($user_id, $set_admin, $persist_login, $viewonline); } - function validate_referer($check_script_path = false) + function validate_referer( + $check_script_path, + $referer, + $host, + $force_server_vars, + $server_port, + $server_name, + $root_script_path + ) { $session = $this->session_factory->get_session($this->db); global $config, $request; + $session->referer = $referer; + $session->page['root_script_path'] = $root_script_path; + $session->host = $host; + $config['force_server_vars'] = $force_server_vars; + $config['server_name'] = $server_name; + $request->overwrite('SERVER_PORT', $server_port, phpbb_request_interface::SERVER); return $session->validate_referer($check_script_path); } } diff --git a/tests/session/validate_referrer_test.php b/tests/session/validate_referrer_test.php new file mode 100644 index 0000000000..e5faf8a21f --- /dev/null +++ b/tests/session/validate_referrer_test.php @@ -0,0 +1,80 @@ +createXMLDataSet(dirname(__FILE__).'/fixtures/sessions_empty.xml'); + } + + public function setUp() + { + $this->session_factory = new phpbb_session_testable_factory; + $this->db = $this->new_dbal(); + $this->session_facade = + new phpbb_session_testable_facade($this->db, $this->session_factory); + } + + static function referrer_inputs() { + $ex = "example.org"; + $alt = "example.com"; + return array( + // checkpath referrer host forcevars port servername rootpath pass? + // 0 Referrer or host wasn't collected, therefore should validate + array(false, "", $ex, false, 80, $ex, "", true), + array(false, $ex, "", false, 80, $ex, "", true), + // 2 Referrer doesn't match host or server_name + array(false, $alt, $ex, yes, 80, $ex, "", false), + // 3 Everything should check out + array(false, $ex, $ex, false, 80, $ex, "", true), + // 4 Check Script Path + array(true, $ex, $ex, false, 80, $ex, "", true), + array(true, "$ex/foo", $ex, false, 80, $ex, "/foo", true), + array(true, "$ex/bar", $ex, false, 80, $ex, "/foo", false), + // 7 Port (This is not checked unless path is checked) + array(true, "$ex:80/foo", "$ex:80", false, 80, "$ex:80", "/foo", true), + array(true, "$ex:80/bar", "$ex:80", false, 80, "$ex:80", "/foo", false), + array(true, "$ex:79/foo", "$ex:81", false, 81, "$ex:81", "/foo", false), + ); + } + + /** @dataProvider referrer_inputs */ + function test_failing_referrer ( + $check_script_path, + $referrer, + $host, + $force_server_vars, + $server_port, + $server_name, + $root_script_path, + $pass_or_fail + ) + { + //Referrer needs http:// because it's going to get stripped in function. + $referrer = ($referrer? 'http://'.$referrer : ''); + $this->assertEquals( + $pass_or_fail, + $this->session_facade->validate_referer( + $check_script_path, + $referrer, + $host, + $force_server_vars, + $server_port, + $server_name, + $root_script_path + ), "referrer should" . ($pass_or_fail? "" : "n't") . " be validated"); + } +}